Penetration Testing mailing list archives
Re: [PEN-TEST] Palm Pilot Security
From: Rory <nazgul () CSN UL IE>
Date: Fri, 26 Jan 2001 00:58:47 +0000
There is a tool on the @stake website that steals passwords from palms you have to get pretty close but it effectively makes the target palm think that it is talking to a computer when infact it is another palm her is the link to it http://www. () stake com/research/advisories/2000/index.html#121400-1 cheers, Rory On Thu, 25 Jan 2001, Mike Ahern wrote:
A Quick Question... Does anyone have any real life experience in evaluating the security of Palm Pilot systems? Someone is proposing using the Palm along with RSA/Security Dynamics soft token, and as a method of gaining some remote network access. I am being asked to sign off on it. I understand that the Palm units may be password protected, but that on the original Palm Pilots you could remove the batteries to reset the unit & password. Also I understand that new Palm 5 units use an internal lithium rechargable battery, and have a reset button that can be used to "reboot" the Palm Pilot. I also am aware that the L0pht guys found a way in the past to undermine the security of the Cryptocard soft token. Anybody aware of methods to hack past the password protection on the Palm? I assume that like anything else, physical access equals potential for 100% system compromise. Anyone aware of any RSA/Security Dynamics soft token security issues on the Palm Pilot? Any thoughts or experiences shared (lessons learned) would be appreciated... - Mike __________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/
Current thread:
- [PEN-TEST] Palm Pilot Security Mike Ahern (Jan 25)
- Re: [PEN-TEST] Palm Pilot Security Crist Clark (Jan 25)
- Re: [PEN-TEST] Palm Pilot Security Rory (Jan 25)
- Re: [PEN-TEST] Palm Pilot Security Aviram Jenik (Jan 29)
- <Possible follow-ups>
- Re: [PEN-TEST] Palm Pilot Security Mitch James (Jan 25)
- Re: [PEN-TEST] Palm Pilot Security Ng, Kenneth (US) (Jan 29)
- Re: [PEN-TEST] Palm Pilot Security Wall, Kevin (Jan 29)
- Re: [PEN-TEST] Palm Pilot Security sporty o'one (Jan 29)
- Re: [PEN-TEST] Palm Pilot Security Scott Treacy (Jan 29)
- Re: [PEN-TEST] Palm Pilot Security Walsh, John (Jan 29)
- Re: [PEN-TEST] Palm Pilot Security DK (Jan 29)
- Message not available
- [PEN-TEST] BIND 8 - TSIG Bug Exploit Jason Witty (Jan 29)